3

I don't understand restrictions in terms of directory nesting. For example, the directories in /var/www/folder/index.html.

  • What permissions, owner, group should every directory and file have?
  • Is there such a thing as inheritance here? I mean, do an outer directory's permissions, owner, and group affect its inner directories and files?

All answers here explain permissions only in terms of one separate directory and a file in it. Nobody pays attention to inheritance.

For example, I want to set up an Nginx server to serve /var/www/folder directory and all its sub-directories and files. How should I think about permissions, owners, groups?

  • /var - what permissions? what are owner and group?
  • /var/www - what permissions? what are owner and group?
  • /var/www/folder1 - what permissions? what are owner and group?
  • /var/www/folder/folder2/ - what permissions? what are owner and group?
  • /var/www/folder/folder2/index.html - what permissions? what are owner and group?
Maythux
Green

2 Answers

3

Just a reminder:

Ubuntu creates folders with default permissions 755 and files with default permissions 644. You can change this default value by playing with umask. So in general, no, files don't inherit their parent's permissions; instead, newly created files/dirs have the default permissions.


Back to your question:

You are getting confused with permissions. I just want you to know that permissions are related to what you want to do and what level of security you want to use; thus this is relative to the user himself, and nobody can answer your questions!!

Also, you have to distinguish between the permissions of the folder itself and those of the files inside. For example, you ask for the permissions of /var. So which /var do you mean? Do you mean the directory itself or also the included files? Anyway, let's take it as an example to explain what I said before. Let's see what /var includes.

$ ls -l /var
total 128
drwxr-xr-x   2 root root      4096 Jul 17 08:18 backups
drwxr-xr-x  27 root root      4096 Jun  2 13:01 cache
drwxrwsrwt   2 root whoopsie  4096 Jul 24  2014 crash
drwxr-xr-x   2 root root      4096 May 20  2014 games
drwxr-xr-x 107 root root      4096 Jul 14 12:25 lib
drwxrwsr-x   2 root staff     4096 Apr 19  2012 local
lrwxrwxrwx   1 root root         9 May 22 12:52 lock -> /run/lock
drwxr-xr-x  31 root root     12288 Jul 23 08:02 log
drwxrwsr-x   2 root mail      4096 Apr  7  2014 mail
drwxr-xr-x   3 root root      4096 Jun 20  2014 NX
drwxr-xr-x   2 root root      4096 Apr  7  2014 opt
-rw-r--r--   1 root root     65408 Jul  2 10:27 _r_udev_201310127.shm
lrwxrwxrwx   1 root root         4 May 22 12:52 run -> /run
drwxr-xr-x  14 root root      4096 Jun 17 20:29 spool
drwxrwxrwt   3 root root      4096 Jul 23 08:24 tmp
drwxrwxrwx   8 root root      4096 Jun  4 13:16 www
drwxr-xr-x   3 root root      4096 Jun 13 09:10 yp

As you see in the sample list above, there are some directories such as crash, local and mail whose group is not root!! Why? Because, as I've said before, this is related to use.

So in general, just use the permissions that make you secure as possible and make your stuff work.

Take a look at my answer https://askubuntu.com/a/638799/150504 for more information about permissions.

Maythux
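An added example (not part of the answer above) that checks the claim about defaults: it creates a directory and a file inside parents of different modes and reports the modes the new entries receive. The new_modes helper and the temporary paths are assumptions of this example; it also covers a setgid parent, which goes slightly beyond the answer, because on Linux that is the one mode bit a new subdirectory does pick up from its parent.

```shell
# Added example: a new entry's mode comes from umask, not from its parent.
# Everything is created under a constructed temporary directory.

# new_modes PARENT_MODE UMASK
# Prints "<subdir mode> <file mode>" for entries created inside a parent
# directory that has PARENT_MODE, while UMASK is in effect.
new_modes() {
    parent_mode=$1
    mask=$2
    base=$(mktemp -d) || return 1
    (
        umask "$mask"
        mkdir "$base/parent"
        chmod "$parent_mode" "$base/parent"
        mkdir "$base/parent/sub"            # requested as 777, masked by umask
        : > "$base/parent/index.html"       # requested as 666, masked by umask
        printf '%s %s\n' \
            "$(stat -c %a "$base/parent/sub")" \
            "$(stat -c %a "$base/parent/index.html")"
    )
    rm -rf "$base"
}

new_modes 777 022    # wide-open parent, default umask
new_modes 700 022    # private parent, same result
new_modes 755 027    # tighter umask changes the result
new_modes 2755 022   # setgid parent: the subdirectory keeps the setgid bit
```

The first two calls print the same modes although the parents differ, and only the umask change in the third call alters them. Group ownership is the other thing a setgid directory passes on, which is why directories such as crash, local and mail in the listing carry an "s" in the group column.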
2

Execute ls -l to list the permissions, owner, and group for all files and directories in a particular directory:

ls -l /var
ls -l /var/www
ls -l /var/www/folder1
ls -l /var/www/folder/folder2

index.html will be included in the listed contents of the last directory so no command is necessary.

Although, if you did want to know the ownership and permission of that file:

ls -l /var/www/folder/folder2/index.html

File permissions are listed in the following format for files:

-rwxrwxrwx indicates read, write, and execute permissions for everybody.

for directories:

drwxrwxrwx

The first rwx indicates read, write, execute permission for owner of the file.

The next three characters, rwx, indicate read, write, execute permission for all users in the group listed for the file.

The last three characters, rwx, indicate read, write, execute permission for all users.

Together, you have -rwxrwxrwx, three groups of letters with three letters in each group.

The following command example would allow full permission for the owner of the file, read only for other members of the group, and read only for any other user (-rwxr--r--):

chmod 744 /var/www/folder/folder2/index.html

Alternatively, if you want to apply permissions to all files and directories in a particular directory, use the -R flag to apply the permissions recursively throughout the directory:

chmod -R 744 /var/www/folder/folder2

or, to apply permissions to all contained files and recursively to all subdirectories:

chmod -R 744 /var/www/folder/folder2/*

The number 7 coincides with rwx.

The number 6 coincides with rw- and does not allow permission to execute.

The number 5 coincides with r-x and does not allow permission to write.

The number 4 coincides with r-- read-only.

The number 3 coincides with -wx and does not allow permission to read.

The number 2 coincides with -w- and is write-only.

The number 1 coincides with --x and is execute-only.

One common combination is 664 which gives read and write to the owner and group members for the file, read only for all other users and no permission for executing the file: -rw-rw-r--

mchid
  • 1
    Note that "x" has a different meaning for files and directories. It gives execute permission for files, but controls the ability to list files in the directory for directories. Thus you usually do want "x" permissions on directories, but you usually don't want "x" permissions on files unless they are executable. For this reason, using chmod recursively with the numeric syntax is bad, because it sets the "x" permission to the same for directories and files. It's better to use letter syntax, e.g. chmod -R g+w . to add group write permission, leaving the "x" permission unchanged. – thomasrutter Jul 23 '15 at 07:01
  • x permission on a directory doesn't allow listing the content, but allows entering it. This is useful for ~/public_html, where the web server user needs to go through your home directory to public_html, so you can use ..1 permissions to allow that without allowing anyone to list your home directory – Simon Richter Jul 23 '15 at 13:01
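An added example (not from the answer or the comments above) that puts the two comments to work on a constructed copy of the question's layout, folder/folder2/index.html, under a temporary directory. It compares a recursive numeric chmod 744 with separate modes for directories (755) and files (644), and checks every path component for the access a server user needs; the function names are this example's own, and it assumes the server user is neither the owner nor in the group.

```shell
# Added example: constructed tree under a temp dir mirroring the question's layout.

# Give directories one mode and regular files another.
set_tree_modes() {   # set_tree_modes ROOT DIR_MODE FILE_MODE
    find "$1" -type d -exec chmod "$2" {} +
    find "$1" -type f -exec chmod "$3" {} +
}

# Print "mode owner group path" for TOP and each component down to TARGET.
walk_path() {        # walk_path TOP TARGET (TARGET must be below TOP)
    cur=$1
    rel=${2#"$1"/}
    stat -c '%a %U %G %n' "$cur"
    old_ifs=$IFS; IFS=/
    for part in $rel; do
        cur=$cur/$part
        stat -c '%a %U %G %n' "$cur"
    done
    IFS=$old_ifs
}

# Succeeds only if "other" has x on every directory and r on the file.
# Assumption: the server user is neither the owner nor a group member.
other_can_read() {   # other_can_read TOP TARGET
    walk_path "$1" "$2" | (
        while read -r mode _owner _group path; do
            other=${mode#"${mode%?}"}                  # last octal digit
            if [ -d "$path" ]; then need=1; else need=4; fi
            [ $((other & need)) -ne 0 ] || exit 1      # x on dirs, r on files
        done
    )
}

# Build the tree, apply one scheme, print "<reachable|blocked> <file mode>".
demo() {             # demo recursive744 | split
    top=$(mktemp -d) || return 1
    mkdir -p "$top/folder/folder2"
    echo '<h1>constructed</h1>' > "$top/folder/folder2/index.html"
    case $1 in
        recursive744) chmod -R 744 "$top" ;;
        split)        set_tree_modes "$top" 755 644 ;;
    esac
    result=blocked
    other_can_read "$top" "$top/folder/folder2/index.html" && result=reachable
    out="$result $(stat -c %a "$top/folder/folder2/index.html")"
    rm -rf "$top"
    echo "$out"
}
demo recursive744; demo split
```

With 744 applied recursively the directories lose the search bit for other users, so the file is unreachable for them even though its own mode allows reading, and the HTML file ends up executable for its owner. Running walk_path on a real document root gives the per-directory view the question asks for.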